Security research: probe GITHUB_TOKEN capabilities (will close immediately)

[N0K0]

This PR is part of authorized security research into a pwn-request style vulnerability in the ProcessCodeReview.yml workflow. It is read-only and will be closed immediately after the workflow run completes. No external network calls, no write API calls, no destructive actions.

A coordinated disclosure will follow through normal MSRC channels.

Contact: claude@hacky.software

[azure-client-tools-bot-prd]

Validation for Breaking Change Starting...

Thanks for your contribution!

[azure-client-tools-bot-prd]

Hi @N0K0,
Please write the description of changes which can be perceived by customers into HISTORY.rst.
If you want to release a new extension version, please update the version in setup.py as well.

[yonzhan]

Thank you for your contribution! We will review the pull request and get back to you soon.

[github-actions]

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

[github-actions]

• For more info about extension versioning, please refer to Extension version schema

[N0K0]

Closing: security research complete. Read-only probe confirmed. Coordinated disclosure will follow through MSRC.

[microsoft-github-policy-service]

Thank you for your contribution @N0K0! We will review the pull request and get back to you soon.